From 8896ca0ee65b87f4774c8235d274278338e42df3 Mon Sep 17 00:00:00 2001
From: viyatb-oai
Date: Fri, 6 Feb 2026 11:00:54 -0800
Subject: [PATCH] fix(linux-sandbox): block io_uring syscalls in no-network seccomp policy (#10814)
## Summary - Add seccomp deny rules for `io_uring` syscalls in the Linux sandbox network policy. - Specifically deny: - `SYS_io_uring_setup` - `SYS_io_uring_enter` - `SYS_io_uring_register`
---
 codex-rs/linux-sandbox/src/landlock.rs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/codex-rs/linux-sandbox/src/landlock.rs b/codex-rs/linux-sandbox/src/landlock.rs
index 485301179..d49491233 100644
--- a/codex-rs/linux-sandbox/src/landlock.rs
+++ b/codex-rs/linux-sandbox/src/landlock.rs
@@ -149,6 +149,9 @@ fn install_network_seccomp_filter_on_current_thread() -> std::result::Result<(),
 deny_syscall(libc::SYS_getsockopt);
 deny_syscall(libc::SYS_setsockopt);
 deny_syscall(libc::SYS_ptrace);
+ deny_syscall(libc::SYS_io_uring_setup);
+ deny_syscall(libc::SYS_io_uring_enter);
+ deny_syscall(libc::SYS_io_uring_register);
 // For `socket` we allow AF_UNIX (arg0 == AF_UNIX) and deny everything else.
 let unix_only_rule = SeccompRule::new(vec![SeccompCondition::new(
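Review bot: The three added `deny_syscall(libc::SYS_io_uring_*)` lines carry no comment saying why io_uring belongs in a network filter, whereas the `socket` rule just below them is explained. I would add above them `// io_uring can issue socket, connect, send and recv operations through its submission ring, bypassing the per-syscall rules above; deny ring setup and use entirely.` so a later cleanup does not drop them as unrelated to networking. The diffstat shows only landlock.rs changed, so no test pins this behaviour; a sandbox test asserting that `io_uring_setup` fails under the no-network policy would guard against regressions. `deny_syscall` and the rest of `install_network_seccomp_filter_on_current_thread` lie outside the hunk, so the errno returned is not visible here. It is worth confirming that it is one which runtimes probing for io_uring treat as "unsupported" and fall back from.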